
Cisco Router Securing Administrative Access

Configure the domain name (required before the RSA key pair for SSH can be generated)

R1(config)#ip domain-name jpudasaini.com.np

Set a minimum password length of 10 characters
R1(config)#security passwords min-length 10

Configure the enable secret password
R1(config)#enable secret cisco11111

Set the console password (login itself is enabled below)
R1(config)#line console 0
R1(config-line)#password ciscocon111111

Log the line out after 5 minutes of inactivity and require the password at login
R1(config-line)#exec-timeout 5 0
R1(config-line)#login

Prevent console messages from interrupting command entry
R1(config-line)#logging synchronous

Secure the AUX port
R1(config)#line aux 0
R1(config-line)#password ciscoauxpass
R1(config-line)#exec-timeout 5 0
R1(config-line)#login

Set a password on the vty lines
R1(config)#line vty 0 4
R1(config-line)#password ciscovtypass
R1(config-line)#exec-timeout 5 0
R1(config-line)#login

Encrypt the console, AUX and vty passwords in the configuration (this is type 7 obfuscation, which is reversible; it only stops shoulder-surfing of the config, so the enable secret and user secrets above remain the real protection)
R1(config)#service password-encryption

Login warning banner on the router
R1(config)#banner motd $Unauthorized access strictly prohibited and prosecuted to the full extent of the law$
R1(config)#exit

Use the local user database for console logins (login local authenticates against locally defined usernames, so create at least one username before enabling it or the line will lock you out)
R1(config)#line console 0
R1(config-line)#login local
R1(config-line)#end
R1#exit

Use the local user database for AUX logins
R1(config)#line aux 0
R1(config-line)#login local

Watch for login attacks
Show the current login-attack protection status
R1#show login

This command blocks logins for 60 seconds if two failed login attempts are made within 30 seconds.
R1(config)#login block-for 60 attempts 2 within 30
R1#show login

Log login activity
R1(config)#login on-success log
R1(config)#login on-failure log every 2
R1(config)#exit

Set the vty privilege level to 15 so users logging in at the highest privilege default to it, and accept SSH only (transport input ssh needs the domain name, the RSA key pair and a local username in place first; until then the vty lines cannot be reached)

R1(config)#line vty 0 4
R1(config-line)#privilege level 15
R1(config-line)#login local
R1(config-line)#transport input ssh
R1(config-line)#exit

Generate the RSA key pair with 1024 modulus bits (1024 is the minimum many IOS versions accept for SSH version 2; a larger modulus such as 2048 bits is the recommended choice today)
R1(config)#crypto key generate rsa general-keys modulus 1024
R1(config)#exit

Verify the SSH version and settings
R1#show ip ssh

Set the SSH negotiation timeout and the number of authentication retries, then save the configuration
R1(config)#ip ssh time-out 90
R1(config)#ip ssh authentication-retries 3
R1(config)#do wr
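To check that the settings above actually landed on the router, here is an added Python audit (not from the original post) that scans a saved show running-config text for the hardening items on this page: the global commands, exec-timeout and login local on every line stanza, and SSH-only vty access. The configuration excerpt it checks is constructed for the example, and the $1$PLACEHOLDER$ hashes stand in for real secrets.

```python
# Constructed running-config excerpt (not from the original post). It has two
# deliberate gaps: 'login block-for' is absent and the vty lines still accept
# telnet, so the audit should report exactly those two findings.
SAMPLE_CONFIG = """\
security passwords min-length 10
service password-encryption
enable secret 5 $1$PLACEHOLDER$
login on-success log
login on-failure log every 2
line vty 0 4
 exec-timeout 5 0
 login local
 transport input telnet ssh
"""

# Global commands that must be present (prefix match on a top-level line).
REQUIRED_GLOBAL = ["security passwords min-length", "service password-encryption",
                   "enable secret", "login block-for", "login on-success log",
                   "login on-failure log"]
REQUIRED_PER_LINE = ["exec-timeout", "login local"]  # every con/aux/vty stanza

def line_stanzas(config):
    """Map each 'line ...' header to its indented sub-commands."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = stanzas.setdefault(raw.strip(), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None  # any other top-level command ends the stanza
    return stanzas

def audit(config):
    """Return sorted findings; an empty list means every check passed."""
    findings = []
    top = [l for l in config.splitlines() if l and not l.startswith(" ")]
    for cmd in REQUIRED_GLOBAL:
        if not any(l.startswith(cmd) for l in top):
            findings.append(f"missing global command: {cmd}")
    for name, cmds in line_stanzas(config).items():
        findings += [f"{name}: missing {r}" for r in REQUIRED_PER_LINE
                     if not any(c.startswith(r) for c in cmds)]
        # Only 'transport input ssh' keeps cleartext telnet off the vty lines.
        if name.startswith("line vty") and "transport input ssh" not in cmds:
            findings.append(f"{name}: transport input is not ssh-only")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG) or ["no findings"]))
```

Run it against the output of show running-config saved to a file; an empty result means every item on this page was found.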